We explain how to send sensitive information via email and messenger app. How to send secure emails and encrypted messages.

We explain how to send sensitive information via email and messenger app. How to send secure emails, how to send secure messages.

How to send secure emails

To properly secure email messages you need to encrypt two things: the connection from your email provider, and the email itself. The first stops messages being probed as they send, encrypting the email itself means that any intercept will be foiled.

First we'll secure the connection between your email provider and your computer. You need to set up Secure Socket Layer (SSL) and Transport Layer Security (TLS) encryption.

If you use the internet to check your email check that SSL/TLS encryption is active. If it is, the website address (URL) will begin with https instead of http. If you don't see an 'https' address type an s at the end of the 'http' and press Enter. This will usually prompt your email provider to encrypt your connection.

If you use a desktop email client such as Outlook or Thunderbird, or a smartphone or tablet with an email app, encryption is harder to verify or to set up. Open up the app or software and navigate to the settings menu. Then in the advanced settings near where you can specify the port numbers for incoming and outgoing connections look for an option to activate encryption.

Now we will encrypt individual email messages during transit. This is a lot more involved and will mean both you and your email recipient must do some work ahead of time. It's probably best to save this for extreme circumstances.

Fortunately you can usually use the built-in encryption features provided by your email service. Failing that you can download encryption software or client add-ons. And if all else fails you can use a web-based encryption email service such as Sendinc or JumbleMe.

Message encryption protocols such as S/MIM and OpenPGP require you to install a security certificate on your computer. You then give trusted contacts a string of characters to use as a key before they can send or receive an encrypted message with you. Likewise, the intended recipients of your encrypted message must install a security certificate on their computer and give you their public key in advance.

Support for the S/MIME standard is built into many email clients, including Microsoft Outlook and Thunderbird. If you use webmail browser add-ons such as Gmail S/MIME for Firefox do the job. To get started, you need to apply for a security certificate from a company such as Comodo.

The OpenPGP (Pretty Good Privacy) email encryption standard has a few variants, including PGP and GNU Privacy Guard (GnuPG). You can find free and commercial software and add-ons, such as Gpg4win or PGP Desktop Email, that support the OpenPGP type of encryption. More here: How to encrypt your email.

How to send secure messages

We are, however, using email less. Instant messaging has become incredibly popular with apps such as WhatsApp offering a free way to send messages across the web. Unfortunately, not all of them keep your messages encrypted. Fortunately, the most popular one around (Whatsapp) does.

It'll let you send messages to friends and family worldwide using end-to-end encryption, keeping them secure. The only downside? Whatsapp is owned by Facebook, a notoriously data-hungry corporation, and while it insists it doesn't (and can't) read users messages, some people are understandably not convinced.

Luckily there are a number of other encrypted messaging apps around that will do just as good a job without any involvement from Mark Zuckerberg. Our colleagues at Techworld have rounded up the best of the bunch, so head there to take a look.

Depending on your needs, one other (and slightly different) option isgoTenna Mesh. These portable devices are designed primarily for areas with poor signal, and let you create a mini mesh network to communicate, but use end-to-end encryption on all messages - with no backdoor access, according to the creators.

Sold inpacks of two, four or eight, you simply pair each goTenna to a phone over Bluetooth and can then send encrypted messages (though not voice calls) between devices as long as they're in range - up to four miles in open terrain, and half a mile or so in busier urban environments. You can also use the devices to create a relay, extending the range with each one.

Obviously this won't be the ideal solution for everyone, but it could be perfect for people who want to reliably and securely contact friends and family who live near them - or anyone hoping to plan for a visit to a low-signal area, such as a hiking trip or festival weekend. You canbuy a pack directly from goTenna.

Comments

Charles Gauthier - 15:36 14-12-2016

Some good ideas, but a few thoughts...

First yes you want encrypted connection to your e-mail provider but that is only one step on a multi leg connection.

If you are staying within the same e-mail service your mail is relatively protected (gmail to gmail is protected from everyone but Google, same from Apple to Apple) but when you cross from one to another it is like sending the info on a postcard.

One easy and strong option is to e-mail a zip file that is locked with the full AES encryption. (NOT THE basic Zip, only AES). Of course you are still exposed to an offline attack if "Bad Guys" get the file, so better still use a strong password.

The new set of messaging apps are actually pretty secure; Telegram, Whats App, and Allo all provide a secure option that encrypts/decrypts on device only and some even have strong man in the middle prevention. The advantage of these is they use multi A-symmetric keys to negotiate a strong encryption key rather than relying on humans to devise "Strong" passwords.